ExtremeXOS Concepts Guide 12.0_100262-00 Rev 01

Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com ExtremeXOS Concepts Guide Software Version 12.0 Published: 2007 Part number: 100262-00 Rev 01


AccessAdapt, Alpine, BlackDiamond, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, Sentriant, ServiceWatch, ScreenPlay, Summit, SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, Universal Port, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. Specifications are subject to change without notice. Adobe, Flash, and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Merit is a registered trademark of Merit Network, Inc. Mozilla Firefox is a registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All other trademarks, registered trademarks, and service marks are property of their respective owners. © 2007 Extreme Networks, Inc. All Rights Reserved.


Extreme XOS 12.0 Concepts Guide

Contents

Preface
  Introduction
    Terminology
  Conventions
    Platform-Dependent Conventions
    Text Conventions
  Related Publications
    Using ExtremeXOS Publications Online

Part 1: Using ExtremeXOS

Chapter 1: ExtremeXOS Overview
  Platforms and Required Software Versions
  Software Licenses and Feature Packs
    Software Licensing Overview
    Software License Levels
    Obtaining a License Voucher
    Enabling and Verifying Licenses
    Security Licensing
    Feature Packs Overview
    Obtaining and Enabling Feature Packs
    Displaying Software Licenses and Feature Packs

Chapter 2: Accessing the Switch
  Understanding the Command Syntax
    Syntax Helper
    Command Shortcuts
    Names
    Symbols
    Limits
  Port Numbering
    Stand-alone Switch Numerical Ranges
    Modular Switch and SummitStack Numerical Ranges
    Stacking Port Numerical Ranges
  Line-Editing Keys
  Command History
  Common Commands
  Accessing the Switch the First Time
    Safe Defaults Setup Method
  Configuring Management Access
    Account Access Levels
    Configuring the Banner
    Startup Screen and Prompt Text
    Default Accounts
    Creating a Management Account
    Failsafe Account
  Managing Passwords
    Applying a Password to the Default Account
    Applying Security to Passwords
    Displaying Passwords
  Access to Both MSM Console Ports - Modular Switches Only
  Access to an Active Node in a SummitStack
  Domain Name Service Client Services
  Checking Basic Connectivity
    Ping
    Traceroute
  Displaying Switch Information

Chapter 3: Managing the Switch
  Overview
  Understanding the ExtremeXOS Shell
  Using the Console Interface
  Using the 10/100 Ethernet Management Port
  Using EPICenter to Manage the Network
  Authenticating Users
    RADIUS Client
    TACACS+
    Management Accounts
  Using Telnet
    About the Telnet Client
    About the Telnet Server
    Connecting to Another Host Using Telnet
    Configuring Switch IP Parameters
    Configuring Telnet Access to the Switch
    Disconnecting a Telnet Session
  Using Secure Shell 2
  Using the Trivial File Transfer Protocol
    Connecting to Another Host Using TFTP
  Understanding System Redundancy - Modular Switches and SummitStack Only
    Node Election
    Replicating Data Between Nodes
    Viewing Node Status
  Understanding Hitless Failover Support - Modular Switches and SummitStack Only
    Protocol Support for Hitless Failover
    Platform Support for Hitless Failover
    Hitless Failover Caveats
  Understanding Power Supply Management
    Using Power Supplies - Modular Switches Only
    Using Power Supplies - Summit Family of Switches Only
    Using Power Supplies - SummitStack Only
    Displaying Power Supply Information
  Using the Simple Network Management Protocol
    Enabling and Disabling SNMPv1/v2c and SNMPv3
    Accessing Switch Agents
    Supported MIBs
    Configuring SNMPv1/v2c Settings
    Displaying SNMP Settings
    SNMPv3
    Message Processing
    SNMPv3 Security
    SNMPv3 MIB Access Control
    SNMPv3 Notification
  Using the Simple Network Time Protocol
    Configuring and Using SNTP
    SNTP Example

Chapter 4: Managing the ExtremeXOS Software
  Overview of the ExtremeXOS Software
    Understanding the ExtremeXOS Software
  Using the ExtremeXOS File System
    Moving or Renaming Files on the Switch
    Copying Files on the Switch
    Displaying Files on the Switch
    Transferring Files to and from the Switch
    Deleting Files from the Switch
  Managing the Configuration File
  Managing ExtremeXOS Processes
    Displaying Process Information
    Stopping a Process
    Starting a Process
  Understanding Memory Protection
  Monitoring CPU Utilization
    Disabling CPU Monitoring
    Enabling CPU Monitoring
    Displaying CPU Utilization History

Chapter 5: Configuring Slots and Ports on a Switch
  Configuring a Slot on a Modular or SummitStack Switch
    Overview
    I/O Ports on BlackDiamond 8810 MSM-G8X Module
    I/O Ports on BlackDiamond 8806 MSM-G8X Module
    Disabling MSM-G8X I/O Ports - BlackDiamond 8800 a-series and e-series Modules Only
  Configuring Ports on a Switch
    Port Numbering
    Enabling and Disabling Switch Ports
    Configuring Switch Port Speed and Duplex Setting
    WAN PHY OAM - BlackDiamond 10808 and Summit X450a Series Switches Only
  Jumbo Frames
    Jumbo Frames on the BlackDiamond 8800 Series Switch, SummitStack, and Summit Family of Switches Only
    Enabling Jumbo Frames
    Path MTU Discovery
    IP Fragmentation with Jumbo Frames
    IP Fragmentation within a VLAN
  Link Aggregation on the Switch
    Link Aggregation Overview
    Link Aggregation and Software-Controlled Redundant Ports - Summit Family of Switches Only
    Dynamic Versus Static Load Sharing
    Load-Sharing Algorithms
    LACP - Dynamic Link Aggregation
    Guidelines for Load Sharing
    Configuring Switch Load Sharing
    Load-Sharing Examples
    Displaying Switch Load Sharing
  Mirroring
    Guidelines for Mirroring on the Summit Family of Switches Only
    Guidelines for Mirroring on the BlackDiamond 8800 Series Switches and SummitStack Only
    Guidelines for Mirroring on the BlackDiamond 10808 and 12800 Series Switches Only
    Mirroring Rules and Restrictions for All Switches
    Mirroring Examples
    Verifying the Mirroring Configuration
  Extreme Discovery Protocol
  Software-Controlled Redundant Port and Smart Redundancy
    Guidelines for Software-Controlled Redundant Ports and Port Groups
    Configuring Software-Controlled Redundant Ports
    Verifying Software-Controlled Redundant Port Configurations
  Configuring Automatic Failover for Combination Ports - Summit X450, X450a, and X450e Series of Switches Only
  Displaying Port Configuration Information

Chapter 6: Universal Port
  Universal Port
    Events that Trigger Profiles
    Executing Static Profiles
    Handling Profile Execution Errors
    Universal Port Variables
  Sample Profile Configurations
    Static Profile Example
    Configuring a Profile with QoS Support

Chapter 7: CLI Scripting
  CLI Scripting Capabilities
    Scripting Variables
    Enable | Disable CLI Scripting
    Local Variables
    Variable Manipulation
    Session Variables
    Control Structures
    Operators
    Built-In Functions
    Error Handling
  CLI Scripting Examples
    Sample Script to Create 100 VLAN's

Chapter 8: Link Layer Discovery Protocol
  Overview
  LLDP Packets
  Transmitting LLDP Messages
  Receiving LLDP Messages
  Managing LLDP
  Supported TLVs
    Mandatory TLVs
    Optional TLVs
  Configuring LLDP
    Enabling and Disabling LLDP
    Configuring the System Description TLV Advertisement
    Configuring LLDP Timers
    Configuring SNMP for LLDP
    Configuring Optional TLV Advertisements
    Unconfiguring LLDP
  Displaying LLDP Settings
    Displaying LLDP Port Configuration Information and Statistics
    Displaying LLDP Information Detected from Neighboring Ports

Chapter 9: Connectivity Fault Management - BlackDiamond 10808 and 12800 Series Switches Only
  Overview of CFM Elements
  Ping and Traceroute
  Supported Instances for CFM
  Configuring CFM
    Creating Maintenance Domains
    Creating and Associating MAs
    Creating MPs and the CCM Transmission Interval
    Executing Layer 2 Ping and Traceroute Messages
  Displaying CFM
  CFM Example

Chapter 10: Power Over Ethernet
  Extreme Networks PoE Devices
  Summary of PoE Features
  Power Checking for PoE Module
  Power Delivery
    Enabling PoE to the Switch
    Power Reserve Budget on the Summit X450e-48p Switch and Per Slot on Modular Switches
    PD Disconnect Precedence on the Summit X450e-48p Switch and Modular Switches
    Port Disconnect or Fault
    Port Power Reset
    PoE Usage Threshold
    Legacy Devices
    PoE Operator Limits
  Configuring PoE
    Enabling Inline Power
    Reserving Power for the Summit X450e-48p Switch or a Slot on Modular Switches
    Setting the Disconnect Precedence on a Summit X450e-48p Switch or Modular Switches
    Configuring the Usage Threshold
    Configuring the Switch to Detect Legacy PDs
    Configuring the Operator Limit
    Configuring PoE Port Labels
    Power Cycling Connected PDs
  Displaying PoE Settings and Statistics
    Clearing Statistics
    Displaying System Power Information
    Displaying Slot PoE Information on Modular Switches
    Displaying PoE Status and Statistics on Stand-alone Switches
    Displaying Port PoE Information

Chapter 11: Status Monitoring and Statistics
Overview of Status Monitoring
Viewing Port Statistics
Viewing Port Errors
Using the Port Monitoring Display Keys
Viewing VLAN Statistics
Performing Switch Diagnostics
Running Diagnostics on the BlackDiamond 10808 Switch and the BlackDiamond 8800 Series Switches
Running Diagnostics on the BlackDiamond 12800 Series Switches
Running Diagnostics on the SummitStack or Summit Family of Switches
Observing LED Behavior During a Diagnostic Test
Displaying Diagnostic Test Results
Using the System Health Checker
Understanding the System Health Checker - BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
Understanding the System Health Checker - BlackDiamond 8800 Series Switch Only
Understanding the System Health Checker - Summit Family of Switches Only
Enabling Backplane Diagnostic Packets on the Switch - Modular Switches Only
Configuring Backplane Diagnostic Packets on the Switch - Modular Switches Only
Disabling Backplane Diagnostic Packets on the Switch - Modular Switches Only
Displaying the System Health Check Setting - All Platforms
System Health Check Examples: Backplane Diagnostics - Modular Switches Only
Setting the System Recovery Level
Configuring Software Recovery
Configuring Hardware Recovery - SummitStack and Summit Family of Switches Only
Configuring Module Recovery - Modular Switches Only
Using ELSM
About ELSM
ELSM Hello Messages
ELSM Port States
Link States
ELSM Link States
ELSM Timers
Configuring ELSM on a Switch
Displaying ELSM Information
Using ELSM with Layer 2 Control Protocols
ELSM Configuration Example
Viewing Fan Information
Viewing the System Temperature
System Temperature Output - Modular Switches and SummitStack Only
System Temperature Output - Summit Family of Switches Only
Power Supply Temperature - Modular Switches Only
Fan Tray Temperature - BlackDiamond 10808 Switch Only
Using the Event Management System/Logging
Sending Event Messages to Log Targets
Filtering Events Sent to Targets
Displaying Real-Time Log Messages
Displaying Event Logs
Uploading Event Logs
Displaying Counts of Event Occurrences
Displaying Debug Information
Logging Configuration Changes
Using sFlow
Licensing
Sampling Mechanisms
Configuring sFlow
Additional sFlow Configuration Options
sFlow Configuration Example
Displaying sFlow Information
Using RMON
About RMON
Supported RMON Groups of the Switch
Configuring RMON
Event Actions
Displaying RMON Information

Chapter 12: Virtual LANs
Overview of Virtual LANs
Benefits
Virtual Routers and VLANs - BlackDiamond 10808 and 12800 Series Switches Only
Types of VLANs
Port-Based VLANs
Tagged VLANs
Protocol-Based VLANs
Precedence of Tagged Packets Over Protocol Filters
Default VLAN
VLAN Names
Renaming a VLAN
Configuring VLANs on the Switch
Creating and Configuring VLANs
Enabling and Disabling VLANs
VLAN Configuration Examples
Displaying VLAN Settings
Displaying Protocol Information

Chapter 13: vMAN and Tunneling
Overview
vMAN Overview
BlackDiamond 12800 Series Switch vMAN Enhancements
vMANs on the BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
vMANs on the BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
Licensing
vMAN Features
Inter vMAN Forwarding Using vMAN Ingress ACL
vMAN Flood Groups
vMAN Learning Domain
LAG Filtering using vMAN Egress ACL
STAG Ethertype Translation
MAC-in-MAC Tunneling - BlackDiamond 10808 and 12800 Series Switches Only
QoS Queue on Egress Port with vMAN packets
Egress Queue on the BlackDiamond 10808 and 12800 Series Switches Only
Egress Queue on the BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
vMAN Configuration
Guidelines for Configuring vMANs
Configuring vMANs - BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
Configuring vMAN - BlackDiamond 12800 Series Switches
Configuring vMANs - BlackDiamond 10808
Displaying vMAN Configurations
Configuring MAC-in-MAC Tunnels
vMAN Examples
MAC-in-MAC Tunneling Example
BlackDiamond 10808 Switch Example
BlackDiamond 8810 Switch Example
Inter vMAN Forwarding Using vMAN Ingress ACL Example
LAG Filtering using vMAN Egress ACL Example
STAG Ethertype Translation Example

Chapter 14: Web-Based Device Management
ScreenPlay Overview
Setting Up ScreenPlay
HTTP and HTTPS Setup
Client Setup
Launching ScreenPlay
ScreenPlay Dashboard
Configuration
Ports Configuration
VLAN Configuration
Stacking Configuration
SNMP Configuration
Statistics and Monitoring
Event Log
Ports
QoS
Administration
User Accounts
User Sessions

Chapter 15: Forwarding Database
Overview of the FDB
FDB Contents
How FDB Entries Get Added
FDB Entry Types
Differing FDB Table Sizes - BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
FDB Configuration Examples
Adding a Permanent Static Entry
Configuring the FDB Aging Time
Clearing FDB Entries
Displaying FDB Entries
MAC-Based Security
Disabling MAC Address Learning
Disabling Egress Flooding
Displaying Learning and Flooding Settings
Multicast FDB with Multiport Entry - BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only

Chapter 16: Virtual Routers
Virtual Routers Overview
Types of Virtual Routers
Virtual Router Configuration Domain - BlackDiamond 10808 and BlackDiamond 12000 series Switches Only
Using Virtual Routers - BlackDiamond 10808 and BlackDiamond 12000 series Switches Only
Creating Virtual Routers
Configuring Ports to a Single or to Multiple Virtual Router(s)
Adding Routing Protocols to a Virtual Router
Displaying Ports and Protocols
Configuring the Routing Protocols and VLANs
Virtual Router Configuration Example

Chapter 17: Policy Manager
Policy Manager
Creating and Editing Policies
Using the Edit Command
Using a Separate Machine
Checking Policies
Refreshing Policies
Applying Policies
Applying ACL Policies
Applying Routing Policies

Chapter 18: Access Lists (ACLs)
ACLs
ACL Rule Syntax
Matching All Egress Packets
Comments and Descriptions in ACL Policy Files
Types of Rule Entries
Match Conditions
Actions
Action Modifiers
ACL Rule Syntax Details
IPv6 ACL Address Masks - BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
vMAN ACLs - BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
vMAN ACL Actions
vMAN ACL Action Modifiers
vMAN ACL Examples - BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
Layer-2 Protocol Tunneling ACLs - BlackDiamond 8800 a-Series modules and e-Series and Summit X250e, X450a, and X450e Switches Only
Dynamic ACLs
Creating the Dynamic ACL Rule
Configuring the ACL Rule on the Interface
Configuring ACL Priority
ACL Evaluation Precedence - BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
Rule Evaluation
Precedence of Dynamic ACLs
Precedence of L2/L3/L4 ACL Entries on BlackDiamond10k and 12K Switches
Precedence Among Interface Types
ACL Evaluation Precedence - BlackDiamond 8800 Series switches, SummitStack, and the Summit Family Switches Only
Rule Evaluation
Precedence of Dynamic ACLs
Precedence of L2/L3/L4 ACL Entries
Precedence Among Interface Types
Redundant Rules
Applying ACL Policy Files
Displaying and Clearing ACL Counters
Example ACL Rule Entries
ACL Mechanisms
ACL Masks and Rules - BlackDiamond 8800 Series Switches and the Summit X450 Series Switches Only
ACL Slices and Rules - BlackDiamond 8800 a-series and e-series Modules and Summit X450a, X450e, and X250e Series Switches Only
Policy Based Routing
Layer 3 Policy Based Redirect
Layer 2 Policy Based Redirect
Configuring Policy Based Routing
ACL Troubleshooting - BlackDiamond 8800, SummitStack, and Summit Family of Switches

Chapter 19: Routing Policies
Routing Policies
Routing Policy File Syntax
Applying Routing Policies
Policy Examples

Chapter 20: Quality of Service
Overview of Policy-Based Quality of Service
Applications and Types of QoS
Voice Applications
Video Applications
Critical Database Applications
Web Browsing Applications
File Server Applications
Configuring QoS
Configuring QoS on the BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
QoS Profiles
QoS Profiles on the BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
QoS Profiles on the BlackDiamond 10808 and 12800 Series Switches
Traffic Groupings
Precedence of Traffic Groupings
ACL-Based Traffic Groupings
Explicit Class of Service (802.1p and DiffServ) Traffic Groupings
Physical and Logical Groupings
Verifying QoS Configuration and Performance
Monitoring Performance
Displaying QoS Profile Information
Guidelines for Configuring QoS
Metering Using ACLs - BlackDiamond 8800 Series, SummitStack, the Summit Family of Switches, and BlackDiamond 12800 R-Series Switch Only
Creating the ACL Meter
Configuring the ACL Meter
Associating the Meter with an ACL
Displaying Meters
Egress Traffic Rate Limiting - BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
Applying Egress Bandwidth to a Port - BlackDiamond 10808 and 12800 Series Switches Only
Applying Egress Bandwidth to a QoS Queue
Bi-Directional Rate Shaping - BlackDiamond 10808 Switch Only
Bandwidth Settings
Configuring Bi-Directional Rate Shaping
Hierarchical QoS - BlackDiamond 12800 R-Series Switch Only
Overview
Setting the HQoS Mode
HQoS Implementation
Guidelines for Using Ingress-Only and Ingress and Egress HQoS
Configuring HQoS Ingress and Egress Queues
Displaying HQoS
HQoS Examples

Chapter 21: Network Login
  Network Login Overview
  Web-Based, MAC-Based, and 802.1x Authentication
  Multiple Supplicant Support
  Campus and ISP Modes
  Network Login and Hitless Failover - Modular Switches and SummitStack Only
  Configuring Network Login
  Enabling or Disabling Network Login on the Switch
  Enabling or Disabling Network Login on a Specific Port
  Configuring the Move Fail Action
  Displaying Network Login Settings
  Exclusions and Limitations
  Authenticating Users
  Creating User Accounts on the RADIUS Server
  Configuring Local Database Authentication
  802.1x Authentication
  Interoperability Requirements
  Enabling and Disabling 802.1x Network Login
  802.1x Network Login Configuration Example
  Configuring Guest VLANs
  Post-authentication VLAN Movement
  802.1x Authentication and Network Access Protection
  Web-Based Authentication
  Enabling and Disabling Web-Based Network Login
  Configuring the Base URL
  Configuring the Redirect Page
  Configuring Session Refresh
  Configuring Logout Privilege
  Configuring the Login Page
  Customizable Authentication Failure Response
  Web-Based Network Login Configuration Example
  Web-Based Authentication User Login
  MAC-Based Authentication
  Enabling and Disabling MAC-Based Network Login
  Associating a MAC Address to a Specific Port
  Adding and Deleting MAC Addresses
  Displaying the MAC Address List
  Secure MAC Configuration Example
  MAC-Based Network Login Configuration Example
  Additional Network Login Configuration Details
  Configuring Netlogin MAC-Based VLANs
  Configuring Dynamic VLANs for Netlogin
  Configuring Netlogin Port Restart

Chapter 22: Security
  Security Overview
  Safe Defaults Mode
  MAC Security
  Limiting Dynamic MAC Addresses
  MAC Address Lockdown
  MAC Address Lockdown with Timeout
  DHCP Server
  Enabling and Disabling DHCP
  Configuring the DHCP Server
  Displaying DHCP Information
  IP Security
  DHCP Snooping and Trusted DHCP Server
  Source IP Lockdown
  ARP Learning
  Gratuitous ARP Protection
  ARP Validation
  Denial of Service Protection
  Configuring Simulated Denial of Service Protection
  Configuring Denial of Service Protection
  Protocol Anomaly Protection
  Authenticating Users Using RADIUS or TACACS+
  RADIUS
  Configuring RADIUS
  TACACS+
  Hypertext Transfer Protocol
  Secure Shell 2
  Enabling SSH2 for Inbound Switch Access
  Viewing SSH2 Information
  Using ACLs to Control SSH2 Access
  Using SCP2 from an External SSH2 Client
  Understanding the SSH2 Client Functions on the Switch
  Using SFTP from an External SSH2 Client
  Secure Socket Layer
  Enabling and Disabling SSL
  Creating Certificates and Private Keys
  Displaying SSL Information

Chapter 23: CLEAR-Flow
  Overview
  Configuring CLEAR-Flow
  Displaying CLEAR-Flow Configuration and Activity
  Adding CLEAR-Flow Rules to ACLs
  CLEAR-Flow Rule Match Type
  CLEAR-Flow Rule Match Conditions
  CLEAR-Flow Rule Actions
  CLEAR-Flow Rule Examples
  Count Expression Example
  Delta Expression Example
  Ratio Expression Example
  Delta-Ratio Expression Example


Chapter 24: Configuring Stacked Switches
  Overview
  Understanding SummitStack Terms
  Required Software Release
  Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering
  Understanding Stacking Link Overcommitment
  About SummitStack Logging Messages
  About QoS in Stacking
  About Power Management and Power Over Ethernet on Stacking
  About Stacking Node Roles, Redundancy, and Failover
  About the Failsafe Account on SummitStack Nodes
  SummitStack Compatible Switches
  SummitStack Topologies
  Ring Topology
  Daisy Chain Topology
  Stack Depth
  Logging into a SummitStack
  Logging in Through the Console Port
  Logging in from the Management Network
  Logging Into a Node From Another Node
  Managing Licenses on a SummitStack
  Viewing Switch Licenses
  Enabling a Switch License
  Restricting a Switch License Level
  Upgrading Licenses
  Configuring a New Stack
  Configuration Procedure
  Converting a Standalone Node Deployment to a Stack
  SummitStack Configuration Tasks
  Enabling the Stack
  Verifying the Configuration
  Setting the Command Prompt
  Configuring Slot Numbers
  Configuring Node Priority
  Assigning a MAC address for the Stack
  Configuring Master-Capability
  Configuring an Alternate Management IP Address
  Configuring the Failsafe Account on a Stack
  Saving the Configuration
  Managing an Operating SummitStack
  Stacking LEDs
  Configuring and Viewing Stacking Port Status
  Adding a Node to an Active Topology
  Replacing a Node with the Same Switch Type
  Replacing a Node with a Different Switch Type
  Merging Two Stacks
  Synchronize Command Operation
  Upgrading ExtremeXOS on a Stack
  Rebooting a Stack
  Configuration Examples
  Building and Deploying a New Stack
  Joining Two Stacks
  Adding a Node to a Stack
  Configuring an Alternate IP Address
  Configuring a MAC address
  Configuring the License Level Restriction
  Bringing All Nodes Up to the Same License Level
  VLAN Management in Stacking
  Troubleshooting a Stack
  Managing a Dual Master Situation
  Setting Traps for Stacking
  Connecting to a SummitStack with No Master
  Rescuing a Stack That Has No Master-Capable Node
  FAQs on SummitStack

Part 2: Using Switching and Routing Protocols

Chapter 25: Ethernet Automatic Protection Switching
  Licensing
  Overview of the EAPS Protocol
  Fast Convergence
  EAPS and Hitless Failover - Modular Switches and SummitStack Only
  Fault Detection and Recovery
  Link Down Message Sent by a Transit Node
  Ring Port Down Event Sent by Hardware Layer
  Polling
  Restoration Operations
  Multiple EAPS Domains
  EAPS Data VLAN Spanning Two Rings Connected by One Switch
  Multiple EAPS Domains per Ring - Spatial Reuse
  Multiple EAPS Rings Sharing a Common Link
  Configuring EAPS on a Switch
  Creating and Deleting an EAPS Domain
  Defining the EAPS Mode of the Switch
  Configuring EAPS Polling Timers
  Configuring the Primary and Secondary Ports
  Configuring the EAPS Control VLAN
  Adding the EAPS Protected VLANs
  Enabling and Disabling Fast Convergence
  Enabling and Disabling an EAPS Domain
  Enabling and Disabling EAPS on the Switch
  Unconfiguring an EAPS Ring Port
  Disabling EAPS Loop Protection Warning Messages
  Displaying EAPS Status and Counter